IT Security Weekend Catch Up – March 26, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!

For the less technical

  1. Adrian Lamo, ‘homeless hacker’ who turned in Chelsea Manning, dead at 37
  2. Big Data Gate
  3. Level 3 technician’s misstep causes largest outage ever reported
  4. Orbitz says legacy travel site likely hacked, affecting 880k
  5. Kaspersky’s ‘Slingshot’ report burned an ISIS-focused intelligence operation
  6. Nine Iranians indicted by US for hacking to steal research data + FBI’s wanted list
  7. Telegram loses bid to block Russia from encryption keys
  8. Some people repeatedly win the Wisconsin Lottery. Do they play fair?
  9. The ‘Breaking Bad’ student gang who sold $1m worth of drugs over the ‘dark web’
  10. Reddit just banned /r/DarkNetMarkets – biggest darknet subreddit
  11. Pirate websites expose users to more malware
  12. Protecting security researchers at Dropbox
  13. Kaspersky Lab plans Swiss data center

For the more technical

  1. A bug in Cloudflare’s Auto Minify service
  2. Initial AMD technical assessment of CTS Labs research
  3. Siemens patches DoS flaws in industrial products (PDF)
  4. Drupal 7 and 8 core highly critical release
  5. Thousands of etcd servers are openly sharing credentials
  6. Windows Remote Assistance XXE vulnerability
  7. A beautiful exploit chain on GitHub Enterprise
  8. Breaking the Ledger security model
  9. Ethereum account balance manipulation
  10. Recovering plaintext passwords from Azure virtual machines
  11. Facebook scraped call, text message data for years from Android phones
  12. Leaking Facebook internal IP infrastructure
  13. TeleRAT: Android trojan leveraging Telegram’s Bot API to target Iranian users
  14. Reversing iBank trojan
  15. New Fakebank variant intercepts calls to connect banking users to scammers
  16. TrickBot banking trojan adapts with new module
  17. Dofoil trojan with coin-miner
  18. Glupteba is no longer part of Windigo
  19. Pop-up ads are helping distribute botnets, cryptocurrency miners and ransomware
  20. Sigma ransomware resurfaces following a three-month disappearance
  21. Sanny malware delivery method updated in recently observed attacks
  22. URL shortcut files abused to deliver malware
  23. Cryptocurrency miner distributed via PHP vulnerability, targets Linux servers
  24. How long does it take for a MongoDB to be compromised
  25. GitHub hosts infostealer – part 1 & 2
  26. Oracle EBS password decryption scheme
  27. Dynamic analysis of iOS apps without Jailbreak
  28. Online sandboxing services as a data exfiltration intermediary (PDF)
  29. Gaining filesystem access via blind OOB XXE
  30. Strategies in ransomware for robots
  31. New R2D2 technique protects files against wiper malware
  32. Introducing Certificate Transparency and Nimbus
  33. Energetic DragonFly DYMALLOY Bear 2.0
  34. Watering hole attack on leading Hong Kong telecom site exploiting Flash flaw
  35. Scarlett Johansson’s picture got PostgreSQL database to start mining monero
  36. Happy New Year wishes from China
  37. APT attacks targeting financial institutions (PDF)
  38. Assessing the cyber readiness of the Middle East’s oil and gas sector
  39. Q4 2017 global DDoS threat landscape report

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *